If you have problems, or need help with Wireshark, there are several places that may be of interest to you (well, besides this guide of course).
You will find lots of useful information on the Wireshark homepage at http://www.wireshark.org.
The Wireshark Wiki at http://wiki.wireshark.org provides a wide range of information related to Wireshark and packet capturing in general. You will find a lot of information not part of this user's guide. For example, there is an explanation how to capture on a switched network, an ongoing effort to build a protocol reference and a lot more.
And best of all, if you would like to contribute your knowledge on a specific topic (maybe a network protocol you know well), you can edit the wiki pages by simply using your web browser.
The Wireshark Q and A forum at http://ask.wireshark.org offers a resource where questions and answers come together. You have the option to search what questions were asked before and what answers were given by people who knew about the issue. Answers are graded, so you can pick out the best ones easily. If your issue isn't discussed before you can post one yourself.
The "Frequently Asked Questions" will list often asked questions and the corresponding answers.
Read the FAQ! | |
---|---|
Before sending any mail to the mailing lists below, be sure to read the FAQ, as it will often answer the question(s) you might have. This will save yourself and others a lot of time (keep in mind that a lot of people are subscribed to the mailing lists). |
You will find the FAQ inside Wireshark by clicking the menu item Help/Contents and selecting the FAQ page in the dialog shown.
An online version is available at the Wireshark website: http://www.wireshark.org/faq.html. You might prefer this online version, as it's typically more up to date and the HTML format is easier to use.
There are several mailing lists of specific Wireshark topics available:
- wireshark-announce
-
This mailing list will inform you about new program releases, which usually appear about every 4-8 weeks.
- wireshark-users
-
This list is for users of Wireshark. People post questions about building and using Wireshark, others (hopefully) provide answers.
- wireshark-dev
-
This list is for Wireshark developers. If you want to start developing a protocol dissector, join this list.
You can subscribe to each of these lists from the Wireshark web site: http://www.wireshark.org. Simply select the mailing lists link on the left hand side of the site. The lists are archived at the Wireshark web site as well.
Tip! | |
---|---|
You can search in the list archives to see if someone asked the same question some time before and maybe already got an answer. That way you don't have to wait until someone answers your question. |
Note! | |
---|---|
Before reporting any problems, please make sure you have installed the latest version of Wireshark. |
When reporting problems with Wireshark, it is helpful if you supply the following information:
-
The version number of Wireshark and the dependent libraries linked with it, e.g. GTK+, etc. You can obtain this from the about dialog box of Wireshark, or with the command wireshark -v.
-
Information about the platform you run Wireshark on.
-
A detailed description of your problem.
-
If you get an error/warning message, copy the text of that message (and also a few lines before and after it, if there are some), so others may find the place where things go wrong. Please don't give something like: "I get a warning while doing x" as this won't give a good idea where to look at.
Don't send large files! | |
---|---|
Do not send large files (>100KB) to the mailing lists, just place a note that further data is available on request. Large files will only annoy a lot of people on the list who are not interested in your specific problem. If required, you will be asked for further data by the persons who really can help you. |
Don't send confidential information! | |
---|---|
If you send captured data to the mailing lists, be sure they don't contain any sensitive or confidential information like passwords or such. |
When reporting crashes with Wireshark, it is helpful if you supply the traceback information (besides the information mentioned in "Reporting Problems").
You can obtain this traceback information with the following commands:
$ gdb `whereis wireshark | cut -f2 -d: | cut -d' ' -f2` core >& bt.txt backtrace ^D $
Note | |
---|---|
Type the characters in the first line verbatim! Those are back-tics there! |
Note | |
---|---|
backtrace is a gdb command. You should
enter it verbatim after the first line shown above, but it will not be
echoed. The ^D
(Control-D, that is, press the Control key and the D key
together) will cause gdb to exit. This will
leave you with a file called
|
Note | |
---|---|
If you do not have gdb available, you will have to check out your operating system's debugger. |
You should mail the traceback to the wireshark-dev[AT]wireshark.org mailing list.
The Windows distributions don't contain the symbol files (.pdb), because they are very large. For this reason it's not possible to create a meaningful backtrace file from it. You should report your crash just like other problems, using the mechanism described above.